SHE-key update protocol

ale_di_vi · ‎07-24-2023

Hi,

I have a question regarding SHE-key update protocol. I'm using a tool to calculate M1,M2,M3,M4,M5 format of key to be stored in the corresponding SHE slot, by providing the needed input (keyID, unitID, counter, usageflags, AuthID, KEY_AuthID). Given the fact that the MASTER_ECU_KEY is used as authentication key to update all the other SHE-keys, what should be the AuthID and KEY_AuthID value to be provided as input in order to calculate the MASTER_ECU_KEY in M1,...,M5 format?

Seeing the AN5401, it seems that KEY_AuthID shall be all 1's, is it correct? What about AuthID?

lukaszadrapa · ‎07-25-2023

I was talking in general, that was just an example. If such attribute is not available for a key, keep value of the attribute as zero.

Regards,

Lukas

元の投稿で解決策を見る

ale_di_vi · ‎07-25-2023

Thank you for your response @lukaszadrapa.

Just one more question: what about the attribute_flags? Should I decide the value and the '0' in your screen is just an example or should it be always set to '0'?

lukaszadrapa · ‎07-25-2023

The attribute flags should be set as you need.

For example, if you want to set KEY_USAGE to 1 (that means the key will be used for CMAC generation/verification), the value should be 0b000100 (WRITE_PROT is MSB, VERIFY_ONLY is LSB).

Regards,

Lukas

ale_di_vi · ‎07-25-2023

Ok, but from Table 1 of AN5401 I also see that the key usage attribute cannot be defined for the MASTER_ECU_KEY and the BOOT_MAC_KEY, as well as the boot protection attribute for the BOOT_MAC_KEY.

So, what value should I put in calculate_M1_to_M5 for these unavailable attributes?

lukaszadrapa · ‎07-25-2023

I was talking in general, that was just an example. If such attribute is not available for a key, keep value of the attribute as zero.

Regards,

Lukas

ale_di_vi · ‎07-26-2023

Ok, it's all clear now. Thank you

lukaszadrapa · ‎07-25-2023

Hi @ale_di_vi

I made this compilation from AN5401 which should answer it:

Regards,

Lukas